CVE-2019-19754

{"id": "CVE-2019-19754", "cveTags": [], "metrics": {}, "published": "2024-04-30T18:15:19.507", "references": [{"url": "https://hiveos.farm/changelog/", "source": "cve@mitre.org"}, {"url": "https://rsaxvc.net/blog/2020/4/10/Widespread_re-use_of_SSH_Host_Keys_in_Ethereum_Mining_Rig_Operating_Systems.html", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-321"}]}], "descriptions": [{"lang": "en", "value": "HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-09-26, the vendor indicated that they would consider fixing this."}, {"lang": "es", "value": "HiveOS hasta 0.6-102@191212 se entrega con claves de host SSH integradas en la imagen de instalaci\u00f3n, lo que permite ataques de intermediario y hace que la identificaci\u00f3n de todos los nodos IPv4 p\u00fablicos sea trivial con Shodan.io. NOTA: a partir del 26 de septiembre de 2019, el proveedor indic\u00f3 que considerar\u00eda solucionar este problema."}], "lastModified": "2024-07-03T01:35:48.790", "sourceIdentifier": "cve@mitre.org"}